From 18aa193fe7e297bd0d9ddada5dad65f2a1002091 Mon Sep 17 00:00:00 2001
From: Caleb Gardner
Date: Sat, 9 Nov 2024 11:32:16 -0600
Subject: [PATCH] More stuff for login and editor
---
 editor.go | 27 ++++++++++++++++++++++++++-
 embed/editor.html | 1 +
 embed/login.html | 11 +++--------
 internal/backend/darkstorm.go | 2 +-
 internal/backend/db/mongo.go | 3 +++
 internal/backend/header.go | 2 +-
 internal/backend/user.go | 20 ++++++++++++++++----
 7 files changed, 51 insertions(+), 15 deletions(-)
diff --git a/editor.go b/editor.go
index 384acdd..ed76e42 100644
--- a/editor.go
+++ b/editor.go
@@ -39,4 +39,29 @@ func (e Editor) LoginPage(w http.ResponseWriter, r *http.Request) {
 sendContent(w, r, string(dat), "", "")
 }
-func (e Editor) Editor(w http.ResponseWriter, r *http.Request) {}
+func (e Editor) Editor(w http.ResponseWriter, r *http.Request) {
+ hdr, err := back.ParseHeader(r)
+ if err == backend.ErrApiKeyUnauthorized || err == backend.ErrTokenUnauthorized || hdr == nil || hdr.User == nil {
+ if r.Header.Get("HX-Request") == "true" {
+ w.Header().Set("HX-Location", `{"path":"/login", "target":"#content"}`)
+ return
+ }
+ w.Header().Set("Content-Type", "text/html")
+ http.Redirect(w, r, "https://darkstorm.tech/login", http.StatusSeeOther)
+ return
+ }
+ page, err := editorFS.Open("embed/editor.html")
+ defer page.Close()
+ if err != nil {
+ log.Println("error getting editor.html:", err)
+ sendContent(w, r, "error getting page", "", "")
+ return
+ }
+ dat, err := io.ReadAll(page)
+ if err != nil {
+ log.Println("error reading editor.html:", err)
+ sendContent(w, r, "error getting page", "", "")
+ return
+ }
+ sendContent(w, r, string(dat), "", "")
+}
diff --git a/embed/editor.html b/embed/editor.html
index e69de29..dd6cf9a 100644
--- a/embed/editor.html
+++ b/embed/editor.html
@@ -0,0 +1 @@
+
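Review bot: In `Editor` (editor.go), `defer page.Close()` is registered before the error from `editorFS.Open` is checked, so when the open fails `page` is nil and the deferred call panics as the handler returns; move the `defer` below the `if err != nil` block. The authorization gate also compares only two sentinel errors with `==` and otherwise depends on `hdr` being nil whenever `ParseHeader` fails. Writing it as `if err != nil || hdr == nil || hdr.User == nil {` would refuse the editor page on any parse error without relying on that behaviour, which cannot be confirmed from this hunk.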

THIS IS A POGGIES EDITOR. SAY WOW!

diff --git a/embed/login.html b/embed/login.html index 21d3f4a..c6439c4 100644 --- a/embed/login.html +++ b/embed/login.html @@ -1,14 +1,9 @@ - - -
+
+ +

diff --git a/internal/backend/darkstorm.go b/internal/backend/darkstorm.go
index bfb22a5..c96cde1 100644
--- a/internal/backend/darkstorm.go
+++ b/internal/backend/darkstorm.go
@@ -104,7 +104,7 @@ func (b *Backend) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if r.Method == http.MethodOptions {
 w.Header().Set("Access-Control-Allow-Methods", "*")
 w.Header().Set("Access-Control-Allow-Credentials", "true")
- w.Header().Set("Access-Control-Allow-Headers", "*")
+ w.Header().Set("Access-Control-Allow-Headers", "*, Authorization")
 }
 }
 b.m.ServeHTTP(w, r)
diff --git a/internal/backend/db/mongo.go b/internal/backend/db/mongo.go
index a72689b..dd0a8eb 100644
--- a/internal/backend/db/mongo.go
+++ b/internal/backend/db/mongo.go
@@ -39,6 +39,9 @@ func (m *MongoTable[T]) Find(ctx context.Context, values map[string]any) ([]T, e
 }
 var out []T
 err = res.All(ctx, &out)
+ if len(out) == 0 {
+ return nil, backend.ErrNotFound
+ }
 return out, err
 }
diff --git a/internal/backend/header.go b/internal/backend/header.go
index ea3d998..9af1dad 100644
--- a/internal/backend/header.go
+++ b/internal/backend/header.go
@@ -52,7 +52,7 @@ func (b *Backend) ParseHeader(r *http.Request) (*ParsedHeader, error) {
 }
 out.Key = apiKey
 } else {
- fmt.Println(r.Header.Get("origin"))
+ fmt.Println("origin:", r.Header.Get("origin"))
 keys, err := b.keyTable.Find(r.Context(), map[string]any{"allowedOrigins": r.Header.Get("origin")})
 if err == ErrNotFound {
 return nil, ErrApiKeyUnauthorized
diff --git a/internal/backend/user.go b/internal/backend/user.go
index ea39a58..f099987 100644
--- a/internal/backend/user.go
+++ b/internal/backend/user.go
@@ -1,12 +1,14 @@
 package backend
 import (
+ "context"
 "crypto/rand"
 "encoding/base64"
 "encoding/json"
 "errors"
 "log"
 "net/http"
+ "strconv"
 "time"
 "github.com/golang-jwt/jwt/v5"
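Review bot: In `ServeHTTP` (darkstorm.go) the preflight still sends `*` alongside `Access-Control-Allow-Credentials: true`. For credentialed requests browsers treat `*` in `Access-Control-Allow-Headers` and `Access-Control-Allow-Methods` as a literal name, not a wildcard, so after this change `Authorization` is the only request header effectively allowed. Listing the real names is more predictable, e.g. `w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")`, adjusted to the headers the API actually reads, and the same applies to the methods line. How `Access-Control-Allow-Origin` is chosen lies outside the hunk; if it echoes the request origin, pairing that with credentials needs an explicit allow-list.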
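Review bot: In `MongoTable.Find` (db/mongo.go) the new `len(out) == 0` test runs before the error from `res.All` is examined, so a cursor or decode failure that leaves `out` empty is returned as `backend.ErrNotFound` and the real error is lost. The callers visible in this patch (`ParseHeader`, `login`) turn not-found into an unauthorized response, so a database fault would look like bad credentials. Check the error first by adding `if err != nil { return nil, err }` ahead of the length test. The start of `Find` is outside the hunk.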
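Review bot: The `fmt.Println` in the origin branch of `ParseHeader` (header.go) is still a debug print on the authentication path: it writes a client-supplied header to stdout on every request that reaches this branch, bypassing the `log` package used elsewhere in the patch. Either drop it or log the value quoted, `log.Printf("origin: %q", r.Header.Get("origin"))`. The lookup on the following context line selects an API key from that same `Origin` value, which non-browser clients can set to anything. If this path is meant to identify a site rather than authenticate a caller, a comment saying so above the `Find` call would make that limit explicit.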
@@ -208,9 +210,10 @@ type loginRequest struct {
 }
 type loginReturn struct {
- Token string `json:"token"`
- Error string `json:"error"`
- Timeout int64 `json:"timeout"`
+ Token string `json:"token"`
+ Error string `json:"error"`
+ ErrorMsg string `json:"errorMsg"`
+ Timeout int64 `json:"timeout"`
 }
 func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
@@ -234,6 +237,7 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
 users, err := b.userTable.Find(r.Context(), map[string]any{"username": req.Username})
 if errors.Is(err, ErrNotFound) || len(users) != 1 {
 ret.Error = "invalid"
+ ret.ErrorMsg = "Incorrect username or password"
 w.WriteHeader(http.StatusUnauthorized)
 json.NewEncoder(w).Encode(ret)
 return
@@ -241,7 +245,8 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
 u := users[0]
 if time.Unix(u.Timeout, 0).After(time.Now()) {
 ret.Error = "timeout"
- ret.Timeout = time.Now().Unix() - u.Timeout
+ ret.Timeout = u.Timeout - time.Now().Unix()
+ ret.ErrorMsg = "Timed out for " + strconv.Itoa(int(ret.Timeout)) + " seconds"
 w.WriteHeader(http.StatusUnauthorized)
 json.NewEncoder(w).Encode(ret)
 return
@@ -260,8 +265,15 @@ func (b *Backend) login(w http.ResponseWriter, r *http.Request) {
 return
 }
 json.NewEncoder(w).Encode(ret)
+ if u.Fails != 0 {
+ err = b.userTable.PartUpdate(context.Background(), u.ID, map[string]any{"fails": 0})
+ if err != nil {
+ log.Println("error resetting fails after successful login:", err)
+ }
+ }
 } else {
 ret.Error = "invalid"
+ ret.ErrorMsg = "Incorrect username or password"
 upd := map[string]any{"fails": u.Fails + 1}
 if (u.Fails+1)%3 == 0 {
 minutes := 3 ^ ((u.Fails / 3) - 1)
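Review bot: In `login` (user.go, hunk at -241) the `timeout` branch answers ahead of the branch that handles a wrong password, and only for accounts that exist. Its `"timeout"` error, `Timeout` value and new `ErrorMsg` therefore tell an unauthenticated caller that the username is valid and how long it stays locked, while unknown names get `"invalid"`. If that distinction is not intended, return the same `ret.Error = "invalid"` and `ret.ErrorMsg = "Incorrect username or password"` here and keep the remaining seconds in the server log. The body of `login` continues outside the hunk, so the password check itself is not visible.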
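Review bot: The last context line of the final `login` hunk, `minutes := 3 ^ ((u.Fails / 3) - 1)`, uses `^`, which is bitwise XOR in Go, not exponentiation. With a signed `Fails`, the third failure (`u.Fails == 2`) gives `3 ^ -1 == -4` and the following lockouts give 3, 2, 1, 0. If `minutes` sets the lockout length (its use is outside the hunk), the throttle on password guessing never grows and the first lockout may already lie in the past. If the intent is 1, 3, 9, … minutes, compute a real power from the incremented count, e.g. `minutes := int(math.Pow(3, float64((u.Fails+1)/3-1)))` with `math` imported, and cap the result.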